Connect with us

Hi, what are you looking for?


Data Breaches

Government Launches Probe Into Change Healthcare Data Breach

The HHS is investigating whether protected health information was compromised in the Change Healthcare data breach.

The US Department of Health and Human Services’ Office for Civil Rights (OCR) has launched an investigation to determine whether protected health information was compromised in the recent Change Healthcare data breach.

The incident occurred on February 21, when Change Healthcare’s claims and payment infrastructure was disrupted as result of a ransomware attack, impacting the ability of over 7,000 pharmacies and hospitals to process prescriptions.

Last week, Change Healthcare parent company UnitedHealth Group (UHG) announced that pharmacy services have been restored and that electronic payment functionality would be back up and running by the end of this week.

The Alphv/BlackCat ransomware group took responsibility for the attack in late February, claiming to have stolen at least four terabytes of data from the healthcare transactions processing firm.

Change Healthcare reportedly paid a $22 million ransom to the attackers, but the BlackCat operators seemingly pulled an exit scam, refusing to share the proceeds with the affiliate that perpetrated the attack and stole the data.

Prompted by the magnitude of the attack, OCR on Wednesday announced that it is launching an investigation into the incident, with a focus on “whether a breach of protected health information occurred”.

“The cyberattack is disrupting health care and billing information operations nationwide and poses a direct threat to critically needed patient care and essential operations of the health care industry,” HHS said.

According to OCR, the investigation will not prioritize healthcare providers and business associates tied or impacted by the attack, but will probe Change Healthcare and UHG’s compliance with HIPAA rules.

Advertisement. Scroll to continue reading.

“We are reminding entities that have partnered with Change Healthcare and UHG of their regulatory obligations and responsibilities, including ensuring that business associate agreements are in place and that timely breach notification to HHS and affected individuals occurs,” OCR notes in a Dear Colleague letter (PDF).

OCR administers and enforces HIPAA privacy, security, and breach notification rules, which set minimum requirements for safeguarding protected health information and reporting data breaches.

Related: Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency

Related: EquiLend Ransomware Attack Leads to Data Breach

Related: Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.